IT Audit Explained: What's Actually Included and When Your Vietnamese Business Needs One
Tất cả bài viết

IT Audit Explained: What's Actually Included and When Your Vietnamese Business Needs One

Vietify IT Team9 phút đọc

A comprehensive IT audit takes 2–3 hours on-site and typically uncovers 15–30 issues the business owner had no idea existed.

Last March, a 25-person architecture firm in Da Nang called us in to do a quick IT check before their annual tax audit. Two and a half hours later, we had found eight computers running unlicensed Windows copies, three machines with dormant malware signatures, and the entire CAD project archive sitting on a single external hard drive with no backup. No one in the office knew any of this existed — because no one had ever looked.

That's exactly what a proper IT audit is for: finding out where your systems are weak before those weaknesses become expensive problems.

What Is an IT Audit — and What It Isn't

The phrase "IT audit" gets used loosely. Let's be precise about what a professional IT assessment actually covers, because it's often confused with simpler tasks.

  • Virus scan = running antivirus software on individual machines (30–60 minutes per machine)
  • Financial audit = reviewing accounting records, invoices, and tax obligations
  • IT audit (IT assessment) = a structured review of your entire technology infrastructure — hardware, software licenses, network configuration, backup processes, and user access controls

An IT audit is not about judging your business. It's about giving you an accurate, objective picture of your current IT health — including risks you haven't seen yet.

What's Actually Checked: The 6 Core Areas

Hardware Inventory and Lifecycle

Every physical device is catalogued: computers, printers, network equipment (routers, switches, modems), UPS units, and peripherals. Each device is assessed for age, condition, and whether it's still fit for purpose.

Red flags: computers over 5 years old running resource-heavy software, HDDs with early failure signs, overloaded switches causing network bottlenecks.

In Vietnamese SMB offices, it's common to find machines that are 6–8 years old still running core business applications. Hardware that old routinely has dead sectors, failing fans, and components that are one bad day away from data loss.

Software Licensing and Compliance

This is consistently the area that surprises business owners most. Many companies in Vietnam — even well-run ones — have lost track of exactly which software licenses they own, how many seats are active, and whether all installations are authorized.

In our assessments, we regularly find pirated copies of AutoCAD, Microsoft Office, and accounting software that were installed by employees without the owner's knowledge. This matters beyond the moral question: Vietnamese law (Luật Sở hữu trí tuệ) provides for both civil and criminal liability for commercial use of unlicensed software. During a tax authority inspection, unlicensed software can trigger separate penalties.

Security Assessment

A security review covers: firewall configuration, unnecessary open network ports, antivirus status and update currency, Windows Update policy, and password management practices.

Common findings in Da Nang offices: WiFi routers still using factory-default passwords (which are publicly listed online), Windows automatic updates disabled by a previous IT person to "save bandwidth," and admin passwords shared across multiple employees.

Network Infrastructure

We map the actual network: which devices connect to what, bandwidth to each endpoint, bottlenecks, WiFi coverage gaps, and whether sensitive systems (accounting, HR) are segmented from the general office network.

A common finding for businesses that have grown organically: switches daisy-chained in ways that halve effective bandwidth, or guest WiFi networks that aren't actually isolated from the internal file server.

Backup and Disaster Recovery

The single most important question in any IT audit: if you lost everything on your server tomorrow morning, how much data would you lose and how long would it take to get back to work?

Many Vietnamese SMBs have some form of backup — but haven't tested the restore process. We've seen businesses with three-month-old backups that turned out to be corrupted, and companies whose entire backup strategy was "email important files to yourself."

User Access Controls

This includes: checking whether accounts for former employees are still active (email, cloud services, accounting software), who has admin-level access to sensitive data, and whether there are any "ghost" accounts in the system.

In one recent assessment at a 32-person trading company, we found active Google Workspace accounts for four employees who had left over the previous 18 months — accounts with full access to company Drive folders containing contracts and customer data.

What the Output Looks Like: A Sample Report

After the on-site assessment, you receive a written report. Here's a representative extract (anonymized):


Extract — Trading company, 28 employees, Da Nang:

[HIGH RISK] 6 of 12 computers are running Windows 10 version 21H1, which reached end of security support in December 2022. These machines are no longer receiving security patches. Recommendation: update to Windows 10 22H2 or Windows 11 within 30 days.

[MEDIUM RISK] No automated backup solution found for the 3 accounting department computers. Current practice is manual copy to USB weekly. Recommendation: implement daily automated backup to NAS or cloud service.

[INFORMATION] 2 Google Workspace accounts belonging to former employees remain active with full access to company email and Drive. Recommendation: disable immediately.


A standard report includes:

  • Full device inventory with estimated remaining lifespan
  • Software map with license status for each application
  • Vulnerability list prioritized by severity (High / Medium / Low)
  • Specific action recommendations with suggested priority order
  • Estimated cost to remediate each issue

5 Signs Your Vietnamese Business Needs an IT Audit Now

1. You're Preparing to Scale

Going from 15 to 40 employees puts pressure on infrastructure that was sized for a smaller team. An audit before you hire identifies exactly what needs to be upgraded — and prevents the common mistake of either over-buying or under-provisioning.

2. A Tax Audit or Legal Review Is Coming

Software compliance issues, improperly secured customer data, and inadequate record-keeping can all become legal problems during a tax authority inspection. Finding out before the auditors arrive is always cheaper than finding out during.

3. Your IT Person Just Left

When the person who managed your systems leaves, they take institutional knowledge with them — and sometimes more. An IT audit ensures no backdoors, no lingering privileged accounts, and no hidden configurations that could cause problems later.

4. You Just Had a Security Incident

If one machine got infected and spread to others, or if you suspect a data leak, an audit maps the full scope of the damage and identifies the root cause to prevent recurrence.

5. You're Applying for Cyber Insurance

Cyber insurance is becoming more common among Vietnamese companies working with international clients. Most insurers now require a third-party IT assessment as part of the underwriting process — a self-assessment generally isn't accepted.

IT Audit Costs in Vietnam: What to Expect

For a Vietnamese SMB with 15–50 employees, a professional on-site IT audit takes 2–4 hours on-site plus 1–2 business days for data processing and report preparation.

Typical market rates in Da Nang:

  • 10–20 employees: 2–4 million VND (~$80–160 USD)
  • 20–50 employees: 4–8 million VND (~$160–320 USD)
  • Includes written report and a results presentation session

For context: a single AutoCAD license (legal) costs around 25–35 million VND (~$1,000–1,400 USD) annually. An audit that catches five unlicensed copies pays for itself many times over in avoided penalties alone.

Self-Assessment vs. Professional Audit vs. Automated Tools

CriterionSelf-assessmentProfessional IT auditAutomated monitoring tools
CostFree (internal labor)2–8M VND per engagement500K–2M VND/month
AccuracyLow — internal blind spotsHigh — objective third partyMedium
Time required1–3 days2–4 hours on-siteContinuous (automated)
Accepted for tax/legal auditNoYesDepends on tool
Detects pirated softwareDifficultEffectivePossible
Formal written reportNoYesYes (limited)
Best suited forMicro-businesses < 5 people10–200 employeesOngoing monitoring after audit

Vietify's Free IT Assessment: Scope and Conditions

Vietify offers a free IT health check for qualifying businesses in Da Nang:

  • 5 to 100 employees
  • Office located in Da Nang or within 30km
  • No existing service contract with Vietify

The free assessment covers: hardware walkthrough, basic software licensing check (top 10 applications), fundamental security review, and a one-page summary report.

A full paid assessment covers all 6 areas with detailed reporting suitable for submission to auditors or insurers. You can also review the software compliance audit packages we offer separately.

There's no obligation to engage us for remediation — many clients take the report and handle items themselves or with their existing IT support.

Frequently Asked Questions

How long does an IT audit take, and will it disrupt our work?

For a 15–30 person office, the on-site portion takes 2–3 hours. Our technicians work alongside your staff — no machines need to be shut down, no work is interrupted. The best time to schedule is early morning or on a Saturday.

If you find pirated software, will you report us to authorities?

No. Everything found during an assessment is strictly confidential and exists only to help you fix problems. Our job is to give you an accurate picture and practical remediation options — not to create legal exposure. We'll recommend the most cost-effective path to getting compliant.

What's the difference between the free assessment and a paid one?

The free assessment identifies your biggest issues and gives you a prioritized overview. The full paid assessment covers all six areas in depth, produces a detailed report suitable for external use (auditors, insurers, investors), and includes a presentation session where we walk through findings and answer questions.

After the audit, are we required to use Vietify for the fixes?

No. The report is yours. You can fix items yourself, use another IT provider, or engage us — entirely your choice. We don't build in any lock-in. Many clients do choose to work with us on remediation simply because it's faster, but there's no obligation.

Next Steps

If your business hasn't had a formal IT review in the past 12 months — especially if you've had IT staff changes, a growth period, or any security incidents — now is a practical time to schedule one.

Book a free IT assessment or explore the IT health check services Vietify provides for Da Nang businesses.

Vietify IT Services — Professional IT for your business.

Chia sẻ bài viết

Cần tư vấn IT cho doanh nghiệp?

Vietify IT cung cấp Managed IT từ 4.990.000đ/tháng. Phản hồi trong 30 phút.

Nhận tư vấn miễn phí

Bình luận

Đang tải bình luận…

Để lại bình luận

0/2000

Bình luận sẽ được kiểm duyệt trước khi hiển thị.

Xem tất cả bài viết

Cập nhật: 14/7/2026

Frequently asked questions about Vietify

Which businesses does Vietify IT Services support?
Vietify supports small and midsize businesses that need managed IT, security, software licensing, cloud, backup and device support in Da Nang and remotely.
Can I get advice before buying a service?
Yes. You can contact Vietify for a needs assessment, current-risk review and practical recommendations before making a decision.
Does Vietify provide VAT invoices and post-deployment support?
Yes. Vietify provides documentation and VAT invoices when required, plus technical support after deployment according to the agreed service scope.
Miễn phí · Không spam

Nhận tư vấn IT và bài viết mới qua email

Cộng thêm Checklist Bảo mật IT 2026 miễn phí — gửi thẳng vào hộp thư của bạn ngay bây giờ.

Không spam. Chỉ nội dung IT hữu ích. Tuân thủ PDPL 2025.